Take server security seriously
– and stop hackers in their tracks

  • Minimize the risk of server failures
  • Protect against data loss
  • Prevent the company’s IT from crashing
  • Protect file, print, mail, and web servers

 

Free Download
  • Unlimited version of PRTG for 30 days
  • After 30 days, PRTG reverts to a free version
  • Or, you can upgrade to a paid license anytime


10 ways to improve the security of your servers

 

Servers are the backbone of any IT environment. Consequently, their security should be taken very seriously. The following 10 steps will help you ensure your servers stay as secure as possible:

 

  • Secure the server room
  • Build a minimal system
  • Assign rights carefully
  • Install antivirus software
  • Set up a firewall
  • Activate intrusion detection systems
  • Encrypt sensitive data
  • Keep software up-to-date
  • Install centralized monitoring
  • Train employees

Key benefits and objectives

 

  • Maintain the reliability of business processes and online offers
  • Protect company secrets and customer data from theft
  • Keep employees, customers, and partners happy


Servers are mainly responsible for ensuring employees, management, customers, and partners have constant access to the company’s services. Servers are at the heart of all business activity: data swapping, work process optimization, and the services associated with individual tasks. Because they are so vital to the proper functioning of a company’s daily work, servers are an attractive target for hackers.

If a server goes down, the entire company is paralyzed:

  • IT failure, interruption of business processes
  • Data loss and limited access to data
  • Faulty or disabled applications (for employees)
  • Blocked access to services (for customers)
  • Contractual penalties for missed deadlines or non-compliance with SLAs

Server security must be optimized to minimize the risk of crashes, corporate espionage, and other harmful situations. It should be built around a comprehensive strategy providing extensive and long-lasting protection against risks. Interfaces to the Internet represent the biggest source of risk, which means companies must do everything in their power to secure them. This includes installing antivirus software or firewalls, and monitoring for suspicious traffic. But servers themselves must also be protected, in particular from fire, humidity, power outages, break-ins, theft, and sabotage.

Your network security at a glance
– even while on the go

PRTG can be started within minutes and it's compatible with many mobile devices.

 

PRTG comes with all the features you need, plus more your IT infrastructure won't want to live without.

 

PRTG monitors these vendors and applications, and more, in one view!

 

 

Server security measures

 

We’ve divided server security measures into four areas, which at times inevitably overlap:

  • Physical environment/server room security
  • Preventive measures performed on the server itself
  • Warding off attacks
  • Minimizing the consequences of successful attacks

Server room security

When people think of server security, they usually think of providing protection from dangerous hackers who launch attacks via the Internet. But even with the current Cloud revolution, servers are still stored in computer centers and server rooms. The hardware in these rooms must regularly be maintained and checked for wear and tear. This hardware is also exposed to a range of physical risks, including everything from fluctuations in voltage to earthquakes. And because of the central role played by servers, the problems that occur in the server room can quickly have an impact on the entire company.

Secure the surroundings

If possible, the servers should be set up in a separate building where you have total control over the room and its surroundings. However, such a setup only makes sense if your company has grown beyond a certain size. If the building is used for other purposes, then an individual fire detection system (at the very least) should be installed to help prevent fires in neighboring departments from reaching the server room.

The following security aspects should be taken into consideration for the area surrounding the server room:

How might the servers be put at risk by bordering rooms or adjacent floors? (For example, by a burst water pipe or increased visitor traffic which criminals could use to their advantage.)

All cables should be firmly in place inside the cable room, ideally under a raised floor. Another security measure involves the use of sockets with voltage regulators. In addition, all flammable objects should be kept a good distance from the server room. It is not recommended that the server room be used as an informal place of storage.

If possible, the server room should be equipped with its own electrical circuit to spare it from external power outages. Short circuits in neighboring departments should not have an impact on your servers. We recommend using an emergency generator to safeguard against large-scale power outages, especially if your servers are used for supplying services to other locations.

Natural hazards

Server hardware can also be affected by the temperature and humidity of the air in the room. Server rooms should therefore be equipped with air conditioners, heaters, and ventilation systems. If the room has windows, then it should be protected from any eventual rain or condensation. The presence of nearby water pipes (and their potentially dangerous effects) should also be taken into account. The room can be controlled by temperature and humidity sensors. These sensors should deliver their data to a centralized monitoring system so an alarm can be triggered in the event that the respective threshold values are exceeded.

The same goes for smoke detectors and fire detection systems. Automated fire extinguishing devices can save you having to purchase expensive new hardware down the line. The server room should also be equipped with hand-held fire extinguishers.

Since most servers and their components run non-stop and for years on end, even the most minimal risks become a real danger. You must therefore prepare for these risks as well. Depending on the geographical location, servers must be protected against earthquakes and other natural phenomena. One idea is to set up a second computer center in another location to provide for extra protection in the event of a total system failure.

Limiting access

Customer and company data saved on servers – and in corresponding storage systems – requires special protection. As a consequence, you will have to control who is able to access this data via the network. Access to the server room itself should also be dictated by a transparent set of rules. By controlling and keeping a record of access to the server room, tampering by unauthorized persons can be prevented or (at the very least) easily retraced.

It may seem trivial, but to prevent unauthorized persons from gaining access to the server room, you must come up with ways that make it as difficult as possible for such people to achieve their goal. One such strategy involves removing all signs pointing to the server room. After all, those who have access know where it is.

In addition, avoid setting up the server room next to a department with guest workstations. There should be no easy way for non-company employees to access the server room without the proper authorization. The server room itself should always be locked.

All access points to the server room (from the inside or outside) should be secured in such a way that even the most sophisticated break-in methods fail. After all, break-ins can also occur during the night, on weekends, and on holidays. It is not only important to secure doors and windows, but also portholes, ventilation shafts, and light wells. Additionally, you should think about where small rodents might be able to get in. Such openings include locks, grates, and security doors and windows.

It might also be a good idea to install a video surveillance system to monitor the entrance area and potential entry points in the surrounding area, all the while taking data protection regulations into account.

Access rights: knowing when and how to grant them

Security loopholes can arise when rights are granted in an inconsistent or random fashion. The company must clearly define who needs access to the server room, and who shall receive a chip card or key. All such access rights should be recorded in writing.

Furthermore, the company must ensure keys are returned when there is no longer any reason for people to have them. It must also have a clear-cut policy on what to do if a key or chip card goes missing, on the measures which are to be taken, and on where a spare key is to be kept in case of an emergency.

As is often the case for security-critical questions, the following principle applies: as little access as possible, and only as much as necessary. All access to and contact with IT systems should be documented and checked on a regular basis.

Server room monitoring

Ideally, sensors and alerts will be configured for each of these cases as part of your centralized monitoring environment, such that an alarm is sent to the manager in the event of fluctuations in temperature or humidity, smoke, fires, hardware error messages, and unauthorized access or entry.

Precautions to prevent attacks

Once you have found a suitable location for your servers, it is then a matter of setting them up in a secure fashion. In particular, you will want to make sure you have a constant overview of your servers, and take precautionary measures by closing security loopholes and gateways. An attacker should be given as few attack options as possible.

Minimal systems

The simpler the system, the less prone it is to errors and the fewer software errors and loopholes you will have to fix. Servers, too, should be configured in as simple and transparent a way as possible. Their hardware, services, and operating system should be geared towards performing concrete tasks. The more complex the system, the harder it is to maintain an overview – and the more likely loopholes will go overlooked.

You should therefore only use those hardware components that are absolutely necessary for the functioning of your business. The operating system must be configured properly, services clearly related to the business and its purpose, and interfaces to the Internet kept to a minimum. If hardware components, services, or interfaces are no longer needed, then they should be uninstalled or closed.

Rights management

As employees (and their devices and accounts) can attract the attention of hackers, they should only have access to the services and data they are authorized to use, and only obtain the rights they need to complete their tasks.

Various rights are therefore assigned to different user accounts, and define the areas which users can access and the operations (read, write, and execute) they can perform. Regular users, for example, should not receive administrator rights. Rights management makes servers more secure. On the one hand, inexperienced users are unable to accidentally cause damage, while on the other, hackers cannot infiltrate key areas by hacking user accounts.

In general, rights are configured via a central user management system that is accessible by the server. Examples include the directory services LDAP (Lightweight Directory Access Protocol) and Microsoft Active Directory. A central management system is less prone to error, but must also be properly secured. Data transmission between the client and server must be encrypted, otherwise attackers will be able to read passwords. Consider using Secure LDAP (LDAPS) instead of the unencrypted version of LDAP.

Employee training

If all rights have been assigned properly, then you’ve already gone a long way in protecting client machines from potential attacks. It’s not possible to eliminate attacks completely, for employees need interfaces for their business processes (which include everything from simple searches to email traffic and access to the business account). Employees should therefore be taught how to go about handling devices, accounts, and user rights. They should also learn how to spot an attack, as well as help prevent them.

One hacker method for targeting employees is called “social engineering.” Social engineering occurs when people are influenced to behave in a certain way, such as disclosing their passwords and other confidential information or clicking on a link that allows malware to be installed on their machine.

Such a scam may involve a call from a “service technician” who urgently needs to access your data. Another version involves the use of phishing emails which urge employees to surf to a certain page, thereby allowing a hacker to obtain their login information or infect their computers. Phishing is usually performed on a large scale: if thousands of emails are sent, then at least one recipient is bound to click on the link and thus hand over access to the company network. “Spear phishing” is a special type of phishing that uses legitimate-looking emails to target specific groups.

Employees play key roles in improving the security of your servers and network. They should be made familiar with topics such as phishing, secure passwords, and responsible behavior at the workplace. Sometimes leaving a guest alone in front of a computer is all it takes to put the company at risk.

Software updates

Software – from firmware to the business tool – can also put the company at risk. Programming errors can be behind security loopholes as well as other flaws. Exploits take advantage of these weak spots to first gain access to the network and servers and then obtain secret company information or embed malware.

At the same time, professionals gather exploits into “exploit kits,” provide them with an easy-to-use interface, and sell them to interested hackers. In this way, a large range of potential weak spots can be “run through” with little to no effort at all.

If weak spots are uncovered, they should be eliminated by way of countermeasures or security updates that are automatically distributed to all the workstations in the company. By doing so, you’ll at least be sure to close all the known gateways. But the risk still remains that the hacker is one step ahead of the manufacturer and the IT security department.

Memory protection devices and memory randomization

Even if a program runs without errors, a hacker can still break in, because inadequate memory management can also pose a security risk. In such a case, the reserved memory is too small for the volume of data. The resulting buffer overflows can cause data to be written to memory regions outside the reserved buffer, which can subsequently damage programs and other data. Hackers take advantage of this situation to selectively crash programs or embed program code.

To prevent programs from being run in unauthorized memory regions, consider enabling memory protection (Executable Space Protection, or “ESP”). While some operating systems can do this without hardware support, certain processors come with hardware that supports ESP.

But even ESP has loopholes. If attackers understand the program structure, they can use a buffer overflow to crash the program (e.g. by overwriting the data in the buffer). Memory randomization (Address Space Layout Randomization, ASLR) can help prevent such attacks. As its name suggests, ASLR arranges address spaces randomly.
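
Whether a given program on a Linux server actually benefits from the two protections described above can be read from its file header. The following Python script is an added example, not part of the original article: it reports whether the stack is marked non-executable (ESP) and whether the program is position-independent, which lets ASLR also randomize the address of the program's own code. The function names and the sample images are constructed for this illustration.

```python
import struct
from typing import Optional

ELF_MAGIC = b"\x7fELF"
ET_EXEC, ET_DYN = 2, 3            # fixed-address executable / position-independent
PT_GNU_STACK = 0x6474E551         # program header that carries the stack permissions
PF_X = 0x1                        # "executable" permission flag

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # ELF64 file header, little-endian
PHDR = struct.Struct("<IIQQQQQQ")           # ELF64 program header, little-endian


def check_elf(data: bytes) -> dict:
    """Report PIE and stack-execution status of a 64-bit little-endian ELF image."""
    if len(data) < EHDR.size or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only 64-bit little-endian ELF is handled in this example")
    fields = EHDR.unpack_from(data)
    e_type, e_phoff, e_phentsize, e_phnum = fields[1], fields[5], fields[9], fields[10]

    nx_stack = None   # None: no PT_GNU_STACK entry, the platform default applies
    for index in range(e_phnum):
        offset = e_phoff + index * e_phentsize
        if offset + PHDR.size > len(data):
            raise ValueError("program header table is truncated")
        p_type, p_flags = PHDR.unpack_from(data, offset)[:2]
        if p_type == PT_GNU_STACK:
            # ESP is in effect when the stack segment lacks the execute flag.
            nx_stack = not (p_flags & PF_X)
    # A position-independent image (ET_DYN) can be loaded at a random base address.
    return {"pie": e_type == ET_DYN, "nx_stack": nx_stack}


def build_sample(e_type: int, stack_flags: Optional[int]) -> bytes:
    """Constructed minimal ELF64 image: file header plus at most one PT_GNU_STACK entry."""
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8)
    phdrs = b""
    if stack_flags is not None:
        phdrs = PHDR.pack(PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)
    ehdr = EHDR.pack(ident, e_type, 0x3E, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, len(phdrs) // PHDR.size, 0, 0, 0)
    return ehdr + phdrs


if __name__ == "__main__":
    samples = {
        "hardened (PIE, stack RW)": build_sample(ET_DYN, 0x6),
        "legacy (fixed address, stack RWX)": build_sample(ET_EXEC, 0x7),
        "no stack header": build_sample(ET_EXEC, None),
    }
    for label, image in samples.items():
        print(label, check_elf(image))
```

To audit a real program, pass the contents of the file to `check_elf`, for example `check_elf(open(path, "rb").read())`.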

The securing of remote connections

More and more companies rely on remote administration – via the local network or Internet – to manage their servers. Remote administration is helpful for quickly identifying problems and determining if threshold values have been exceeded. Faster information lets you take faster action and limit potentially negative consequences. As a result, systems distributed throughout the entire world can be monitored and managed from one central location.

Remote management interfaces can also query the status of hardware if the system is shut down, and thus do not rely on operating systems. With a remote management interface, the system can be restarted from afar (and shut down again). The only requirement is a connection to the power supply. The Intelligent Platform Management Interface (IPMI) works with the hardware of any manufacturer. It can query the statuses of power supplies, processors, fans, and hard drives. There are also manufacturer-specific interfaces.

Regardless of the interface, it’s important that the connection be secure and encrypted to prevent data from being queried by unauthorized persons and ensure unknown third parties do not gain control of the system. A hacker with access to this connection can shut down your hardware completely.

Warding off attackers

A server’s need for protection is proportional to the number of ways it can be accessed from the outside. SMTP, web, and mail servers swap data directly with the Internet, which makes it easy for malware to infiltrate. On the other hand, databases, LDAP servers, and other internal network servers are not so easy to attack. These components are only at risk if malware goes unnoticed and is able to propagate within the internal network.

Attackers should not be given the chance to penetrate the company network via open interfaces. Attack routes include open and unsecured ports, conventional email attachments with viruses, and Trojan horses or drive-by attacks via malware-infected websites. Firewalls, intrusion detection systems, and antivirus software are recommended for blocking these routes.

Firewalls

A firewall is a server’s first line of defense. It protects interfaces to the Internet from unwanted intruders. Firewalls analyze incoming and outgoing traffic, and decide whether this data should be permitted or forbidden. These decisions are made in accordance with a predefined set of rules that take the sender, destination, and services into account.
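
How such a rule set reaches its decision is shown in the following Python sketch, an added example that is not part of the original article. It assumes first-match-wins ordering and a default of "deny" when no rule matches, and it also lists rules that can never take effect because an earlier rule already covers them. All names and addresses (documentation ranges) are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # sender network, CIDR notation
    dst: str               # destination network, CIDR notation
    proto: str             # "tcp", "udp" or "any"
    port: Optional[int]    # destination port (the service); None matches any port


def decide(rules, src, dst, proto, port):
    """Return (action, rule number). First match wins; no match means deny (rule 0)."""
    for number, rule in enumerate(rules, 1):
        if (ip_address(src) in ip_network(rule.src)
                and ip_address(dst) in ip_network(rule.dst)
                and rule.proto in ("any", proto)
                and rule.port in (None, port)):
            return rule.action, number
    return "deny", 0


def covers(earlier, later):
    """True if every packet matched by `later` is already matched by `earlier`."""
    return (ip_network(later.src).subnet_of(ip_network(earlier.src))
            and ip_network(later.dst).subnet_of(ip_network(earlier.dst))
            and earlier.proto in ("any", later.proto)
            and earlier.port in (None, later.port))


def shadowed(rules):
    """List (rule number, number of the earlier rule that hides it)."""
    hits = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            if covers(earlier, later):
                hits.append((j + 1, i + 1))
                break
    return hits


# Constructed rule set: 192.0.2.0/24 is the server network, 10.0.5.0/24 the admin network.
RULES = [
    Rule("allow", "0.0.0.0/0", "192.0.2.10/32", "tcp", 443),   # 1: public web server
    Rule("allow", "10.0.5.0/24", "192.0.2.0/24", "tcp", 22),   # 2: SSH from admin network
    Rule("deny", "0.0.0.0/0", "192.0.2.0/24", "any", None),    # 3: block everything else
    Rule("allow", "10.0.5.0/24", "192.0.2.10/32", "tcp", 3306),  # 4: never reached
]

if __name__ == "__main__":
    print(decide(RULES, "198.51.100.7", "192.0.2.10", "tcp", 443))
    print(decide(RULES, "198.51.100.7", "192.0.2.10", "tcp", 22))
    print(decide(RULES, "10.0.5.20", "192.0.2.10", "tcp", 3306))
    print(shadowed(RULES))
```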

 

Virus scanners

Antivirus software should be installed to defend against viruses and other malware. This software tests data arriving at the Application Level Gateway (ALG) and email server. To root out malware that is detected later (e.g. once a signature becomes available), another inspection is performed on the file server and other internal servers. Clouds should also be checked on a regular basis. Your company may use a variety of different programs and search engines. To prevent these from getting in the way, they should not be run on the same system.

“The greatest advantage of PRTG? You get to rest easy.”

Steffen Ille, Bauhaus-University of Weimar, Germany

Damage control

 

If hackers are able to gain access to the server system despite your taking preventive measures and monitoring open interfaces, these hackers must be sniffed out immediately and allowed to cause as little damage as possible. To stop a hacker, you must secure all sensitive areas and continually check ongoing processes for malware.

 

Intrusion detection/prevention systems (IDS/IPS)

Intrusion detection systems (IDSs) use traffic communication patterns to identify malware. They mirror the data that passes through switches, and inspect this data for suspicious elements. Intrusion prevention systems (IPSs) can also be used to get rid of malware.

Encryption

If – despite all your precautionary measures and monitoring – an intruder still manages to gain access to the server (and its network), your data should at the very least be encrypted. You can choose to encrypt entire hard drives, individual partitions, directories, or just certain sensitive data. Hackers then cannot, for example, read passwords in unencrypted form.

TPMs (trusted platform modules)

If your server hardware has a trusted platform module (TPM) as part of its mainboard, then this module can also be used to increase the security of your servers. The module has two functions: create/store cryptographic keys and generate random numbers. These keys and random numbers never leave the TPM. As a result, access by malware or a third party is impossible. Before installing a TPM, make sure it is compatible with your operating system.

Integrity checks

Integrity checks are used to identify unintentional modifications, or those that are performed on purpose by a hacker. During an integrity check, a service monitors access to a file and is activated in the event of a modification. The server status is then compared with a status that was recorded before the check began.
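
The comparison step of such a check, recorded status against current status, can be sketched as follows. This Python script is an added example, not part of the original article; it records a SHA-256 hash and the permission bits of every file, and the directory tree it is run on is constructed in a temporary folder.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file's relative path to (SHA-256 hex digest, permission bits)."""
    root = Path(root)
    state = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file() and not p.is_symlink()):
        digest = hashlib.sha256()
        with path.open("rb") as handle:
            for chunk in iter(lambda: handle.read(65536), b""):
                digest.update(chunk)
        state[path.relative_to(root).as_posix()] = (digest.hexdigest(),
                                                    path.stat().st_mode & 0o7777)
    return state


def compare(baseline, current):
    """Compare the recorded status with the current one and list every deviation."""
    report = {"added": [], "removed": [], "content_changed": [], "mode_changed": []}
    for name in sorted(set(baseline) | set(current)):
        if name not in baseline:
            report["added"].append(name)
        elif name not in current:
            report["removed"].append(name)
        else:
            if baseline[name][0] != current[name][0]:
                report["content_changed"].append(name)
            if baseline[name][1] != current[name][1]:
                report["mode_changed"].append(name)
    return report


def demo_changes():
    """Build a constructed directory tree, tamper with it, and return the report."""
    files = {
        "etc/sshd_config": (b"PermitRootLogin no\n", 0o600),
        "etc/passwd": (b"root:x:0:0:root:/root:/bin/sh\n", 0o644),
        "bin/backup.sh": (b"#!/bin/sh\ntar czf /backup/data.tgz /data\n", 0o755),
        "www/index.html": (b"<h1>It works</h1>\n", 0o644),
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, (content, mode) in files.items():
            target = root / name
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(content)
            target.chmod(mode)
        baseline = snapshot(root)          # status recorded before the check

        # Simulated modifications of the kind the check is meant to reveal.
        (root / "etc/sshd_config").write_bytes(b"PermitRootLogin yes\n")
        (root / "bin/backup.sh").chmod(0o777)
        (root / "www/index.html").unlink()
        (root / "bin/.cache").write_bytes(b"unexpected new file\n")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, names in demo_changes().items():
        print(f"{kind}: {names}")
```

The baseline is only trustworthy if it is stored where an intruder on the server cannot rewrite it, for example on a separate monitoring host.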

Logging

The server’s operating system and services record all important events in logs. These events include status and error messages, as well as logs of when services are run or stopped. Logs should be analyzed regularly to uncover loopholes and attacks, which can easily be spotted by unusual-looking data.

Monitoring

Monitoring software is a fundamental part of any server security system. After all, what good is a firewall, antivirus software, or backup software if they malfunction or crash? With a monitoring tool, you can monitor all your security tools and be informed of glitches automatically.

Thanks to regular status checks, you’ll always know if your hardware, operating systems, and services are up and running. You usually also get access to a centralized management console, which you can use, among other things, to check traffic for anomalies.

SNMP (Simple Network Management Protocol)

The SNMP network protocol is the easiest and most resource-efficient monitoring method. SNMP configures, manages, and monitors network components (servers, routers, switches, and printers), and reads system variables, temperature sensors, memory usage data, and much more.

SNMP versions 1 and 2 offer nearly no security at all; SNMP v1 sends data such as passwords in clear text. Version 3 is the first to include important security mechanisms for authentication, encryption, and access control.
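
The difference between the versions shows up directly in an agent's configuration. The following Python script is an added example, not part of the original article: it assumes the directive names of the Net-SNMP agent's snmpd.conf (`rocommunity`, `rwcommunity`, `com2sec`, `rouser`, `rwuser`) and flags community-based v1/v2c access as well as SNMPv3 users that are allowed in without authentication or without encryption. The sample configuration is constructed.

```python
import shlex

COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6",
                        "rwcommunity6", "com2sec", "com2sec6"}
USER_DIRECTIVES = {"rouser", "rwuser"}
DEFAULT_COMMUNITIES = {"public", "private"}
LEVELS = ("noauth", "auth", "priv")


def audit_snmpd_conf(text):
    """Return a list of (line number, severity, message) findings."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:
            findings.append((lineno, "info", "line could not be parsed"))
            continue
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]

        if directive in COMMUNITY_DIRECTIVES and args:
            # com2sec puts the community last, the *community directives put it first.
            community = args[-1] if directive.startswith("com2sec") else args[0]
            # The community string itself is deliberately kept out of the report.
            message = (f"{directive}: SNMPv1/v2c community access, "
                       "the community string travels in clear text")
            if community in DEFAULT_COMMUNITIES:
                message += " and is a well-known default name"
            if directive.startswith("rwcommunity"):
                message += "; grants write access"
            findings.append((lineno, "high", message))

        elif directive in USER_DIRECTIVES and args:
            if args[0] == "-s":                 # optional "-s SECMODEL" prefix
                args = args[2:]
            if not args:
                continue
            user = args[0]
            # Assumption: when no level is given, the agent requires "auth".
            level = args[1] if len(args) > 1 and args[1] in LEVELS else "auth"
            if level == "noauth":
                findings.append((lineno, "high",
                                 f"{directive} {user}: no authentication required"))
            elif level == "auth":
                findings.append((lineno, "medium",
                                 f"{directive} {user}: authenticated but not encrypted"))
    return findings


# Constructed sample configuration, not taken from a real system.
SAMPLE_CONF = "\n".join([
    "# monitoring access",
    "rocommunity public default",
    "rwcommunity s3cr3t 10.0.5.0/24",
    'createUser monitor SHA "auth-passphrase-here" AES "priv-passphrase-here"',
    "rouser monitor priv",
    "rouser legacy auth",
    "rwuser ops noauth",
])

if __name__ == "__main__":
    for lineno, severity, message in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {lineno} [{severity}] {message}")
```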

WBEM (Web Based Enterprise Management)

WBEM is used to manage network and system resources (e.g. hardware, software, users). Its Common Information Model (CIM) defines standard interfaces which make it possible to access the devices and applications of various different manufacturers. CIM – like SNMP – lets you retrieve the configurations of devices and modify their settings.

All data is usually sent via HTTP (Hypertext Transfer Protocol). The advantage of HTTP is that SSL (HTTPS) can also be used for the encryption of transferred data. Windows Management Instrumentation (WMI) is a well-known implementation of WBEM.

An introduction to monitoring with PRTG

 

Server security monitoring with PRTG

 

Servers are the backbones of every IT infrastructure. Without them, companies cannot conduct their business. PRTG network monitoring software warns you in the event of malfunctions and incidents which can put the security of your network and servers at risk. PRTG checks to make sure your firewalls, virus scanners, security software, and backups are up and running. It can also inform you if someone accesses the server room who isn’t authorized to do so. PRTG comes with a number of functions that can help you increase the security of your servers.

Proactive and quick to sound the alarm

PRTG ensures system failures are kept as short as possible – or prevented in advance. Its built-in alarm system will send you an alert by email, SMS, or push notification at the slightest sign of a problem.

With PRTG, all notification threshold values are customizable. Sysadmins are therefore informed before a bottleneck causes a crash or other damage. In the event of a server error, PRTG notifies you at once.

 

An all-in-one IT solution

PRTG monitors your network’s entire IT infrastructure: processors, RAM, fans, power supplies, servers, storage devices, connected devices (e.g. routers, computers, and printers), traffic, and much more. As an “all-in-one” solution, PRTG lets you do away with the weak spots that tend to crop up when using a variety of different programs.

Whether you have just a few servers or a gigantic server farm, PRTG adapts to the size of your server landscape. All PRTG licenses are customizable. Even virtual servers are recognized automatically and incorporated into your monitoring environment.

 

Facilitate capacity planning and process optimization

PRTG helps you get a handle on your capacity planning. Its comprehensive server monitoring allows sysadmins to promptly recognize when it’s time for an upgrade.

PRTG comes with a dashboard that displays all monitoring data on customizable, easy-to-read charts. Another feature: extensive reports, which back information obtained from colleagues and management, the planning of new purchases, and the company’s process optimization plan.

 

Measurement methods

 

PRTG uses SNMP, packet sniffing, and NetFlow to measure network traffic.

  • SNMP makes it possible to monitor all the traffic in your network, and to sort this traffic by port. SNMP is the easiest and most resource-efficient option.
  • Packet sniffing and NetFlow (or sFlow and jFlow), meanwhile, provide for more detailed network traffic analysis. These methods can also be used to sort and filter network traffic by IP address or protocol.

8 reasons why PRTG monitoring makes servers more secure

 

 

What is a sensor?

In PRTG, “Sensors” are the basic monitoring elements. One sensor usually monitors one measured value in your network, e.g. the traffic of a switch port, the CPU load of a server, the free space of a disk drive. On average you need about 5-10 sensors per device or one sensor per switch port.

All-in-one software provides for effective server monitoring

PRTG effectively monitors all the parameters linked to server security in your monitoring environment. Problems can therefore be found – and solved – much faster. And this is true even if the cause of the damage cannot be traced back to the server itself.

Server security data at a glance

An easy-to-read dashboard gives sysadmins the best possible overview of their monitoring data. All data can be mixed and matched to get a better idea of possible correlations.

Customize sensors and alerts to sniff out danger

The powerful PRTG API lets you customize your monitoring to best meet the needs of your company’s IT infrastructure. Individual sensors can be modified with a few quick clicks. Alarms are tailor-made to perfectly anticipate risks.

Identify bottlenecks and other traffic problems

NetFlow and packet sniffing allow sysadmins to immediately spot potential network bottlenecks and unusual spikes in traffic. If you have cause for suspicion, you can isolate computers or disable applications one by one.

Reduce risks and complexity with centralized monitoring

PRTG lets you bypass the risks you'll encounter while using a combination of monitoring tools, by doing away with compatibility problems and keeping weak spots to a minimum. With PRTG, things get overlooked less.

An early warning system for suspicious activity

PRTG records and retraces anomalies – and alerts sysadmins automatically. Furthermore, with PRTG, hackers who have already infiltrated the network are prevented from causing additional damage.

Prevent security tools from crashing

PRTG notifies you in the event that firewalls, antivirus software, or other security tools are about to crash. It also lets you know if a backup is faulty. You can therefore take action before more serious problems arise.

Secure your ports

PRTG allows sysadmins to ascertain the extent to which their ports are protected by SSL/TLS.

PRTG simplifies your day

Our monitoring software works for you and promptly notifies you of potential issues.
It frees you to concentrate on your day-to-day tasks with peace of mind.

 

PRTG saves time

With PRTG, you get one central monitoring tool for your servers and entire network. Enjoy a quick overview of your whole infrastructure via our dashboard and app.

PRTG saves worry

Customizing PRTG is a breeze. Getting started or switching from another network monitoring tool is easy thanks to the PRTG auto-discovery and pre-configured device templates.

PRTG saves money

80% of our customers report substantial or even exceptional cost savings in the area of network monitoring. The experience shows that the costs for licenses have paid for themselves within a matter of weeks.

 

Want to learn more about PRTG? Please do!


PRTG comes with sensors for web servers, database servers, file servers, virtual servers, and many more. All sensors can be customized for your own particular fleet.

Award winning solution

We work hard on making our software as powerful and easy-to-use
as possible for our customers each and every day.
Of course it makes us proud when we get awards for that.

 

PRTG: The swiss army knife for sys admins

Adapt PRTG individually and dynamically to your needs relying on a strong API:

  • HTTP API: Access monitoring data and manipulate monitoring objects using HTTP requests
  • Custom Sensors: Create your own sensors for customized monitoring
  • Custom Notifications: Create your own notifications to send alarms to external systems
  • New REST API Sensor: Monitor almost everything that provides XML or JSON

PAESSLER AG – German quality engineering

 

Most administrators want to test a tool for free before deciding to make an investment.


The many advantages of PRTG:

1. Free trial version: Take the time to explore PRTG so you can determine if it satisfies your needs and meets your expectations. Once the trial is over, it’s easy to upgrade your already configured version of PRTG, which means you’re much less likely to make an incorrect purchase.

2. One tool, one overview: Administrators often use a variety of monitoring solutions for their network or for the individual components of their infrastructure. But using several different tools every time you want to create an overview costs time and energy. PRTG is an “all-in-one” solution. Our dashboard and app provide a comprehensive overview, whenever you want it.

3. Quick customer support: Got a question? Stuck on a problem and need a hand? PRTG is backed by a dedicated development and support team. We do our utmost to answer every customer inquiry within 24 hours (on business days). Browse all our support topics here.

Configure your PRTG today. The trial version is free of charge. Save time, worry, and money with our monitoring tool designed for your network and entire infrastructure.

PRTG

Network Monitoring Software - Version 19.4.54.1506 (November 25th, 2019)

Hosting

Download for Windows and hosted version available

Languages

English, German, Spanish, French, Portuguese, Dutch, Russian, Japanese, and Simplified Chinese

Pricing

Up to 100 sensors for free (Price List)

Unified Monitoring

Network devices, bandwidth, servers, applications, virtual environments, remote systems, IoT, and more
